Differences between revisions 62 and 63
Revision 62 as of 2012-05-01 20:37:40
Size: 7171
Editor: ?JossMouette
Comment: Remove completely obsolete paragraph.
Revision 63 as of 2012-05-09 14:32:58
Size: 7835
Comment: network shares
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:

== Network Shares ==

To be able to share directories by right-clicking in nautilus, install package "nautilus-share" and then "sudo adduser <username> sambashare" to allow <username> to create file shares.

To allow guest access, in /etc/samba/smb.conf add
{{{
usershare allow guests = yes
}}}
to the global section, and
{{{
map to guest = bad user
}}}
below the line "; security = user".

If your router does not resolve local hostnames correctly, or your using public DNS servers that respond with false IPs instead of unknown, in /etc/samba/smb.conf enable the "name roslve order" line (remove the ";") and move "host" to the end of the list.

This page is here so we can keep a list of things one needs to do in order to install a basic debian-desktop. The goal is to shorten this list integrating things into debian. For more details see the subpages of DebianDesktop.


  • Boot from a Sarge install CD. Enter "linux26" at the bootprompt to get a 2.6 kernel and udev installed. Then install the base-system to your needs.

When prompted by "tasksel" select the following task:

 * desktop-environment

After base-config is done there are some things left to do:

Network Shares

To be able to share directories by right-clicking in nautilus, install package "nautilus-share" and then "sudo adduser <username> sambashare" to allow <username> to create file shares.

To allow guest access, in /etc/samba/smb.conf add

usershare allow guests = yes

to the global section, and

map to guest = bad user

below the line "; security = user".

If your router does not resolve local hostnames correctly, or your using public DNS servers that respond with false IPs instead of unknown, in /etc/samba/smb.conf enable the "name roslve order" line (remove the ";") and move "host" to the end of the list.

Shared Directories

This is handy to easily share files, pictures, shared documents, etc. on multi-user systems (family PCs etc.).

Because Debian uses a user private group (UPG) scheme by default, the default permissions for new files (umask) can be set to allow write access to the group. Explanation at RedHat website.

To create groups use "addgroup <GROUPNAME>" as root. For example on your home PC you could create a group "family" and add the appropriate users to it.

Then create a family group directory: Do "mkdir /home/family", give it to the group with "chown :family /home/family" and change its permissions for example with  chmod u+rwx,g+rws,o-rwx /home/family  to a privately shared set-group-id directory (in octal notation: 2770).

Finally, change the default umask to 002. Unless libpam-umask is installed (see below), this has to be set in /etc/profile and /etc/login.defs . Now family group members can work with each other's files in the group directory without permission hassle.

If you've already got an existing directory full of files (pictures/music/whatever), this script might save you some time.


  • Security Note: It is not always a good idea to change your umask. This will set any new file created as group writable. Depending on what part of the system you're in, this could be a bad thing. UPG Schemes do take most of the worry away; just be cognizant of these facts when you create files in any 'special' directories.

There is another (more complicated) way to do this as well, using Access Control Lists (ACLs). Check here and here for more information.

In a nutshell:
apt-get install acl
sarge kernels: filesystems supported -> ext2,ext3,jfs,xfs
etch kernels support: ext2,ext3,reiserfs,jfs,xfs,nfs (with module nfs_acl)
change /etc/fstab options for drive you want to use acls on
ie
/dev/hda5       /pub       ext3    defaults,acl    0       0
cd /pub
mkdir family
setfacl -m d:u::rwx,d:g:family:rw,d:m:rw,d:o:--- family
        this will set the umask of the family directory such that all files created will be -rw-rw----+ and all directories created will be drwxrwS---+. This might not be entirely correct. At the very least, NFS has to be configured for ACLs, or an NFS server on Sarge and NFS Client in Etch can't handle ACLs.
"getfacl family" will show you the permissions.


  • Good information James. Can you be more specific about your security concerns? Maybe move ACL stuff to a separtate page like ?FilesystemAccessControlLists and reference it from this how to? MultiUserManagement translation may also be of interest for you. Have you subscribed this page?

Information about user private groups. A pretty good permissions primer can be found at: "http://linsec.ca/filesystems.php"

CUPS Printing System

(default package selection) Install and configure the CUPS printing system packages as described on ?DebianCUPS.

Start /usr/lib/openoffice/spadmin as root "add printer" and import your printers setup from /etc/foomatic/cups.

Default package selection

(synaptic only recommending)) "apt-get install libgnome2-perl" if you want the Gnome debconf frontend to actually work when you install packages. You may need to configure debconf to use "GNOME" frontend with "dpkg-reconfigure debconf" (Doesn't Synaptic let debconf start in appropriate mode within GNOME?).

(default package selection) Start up Synaptic and find, select and install the following packages:

  • anacron (desktops/laptops don't usually run all the time (at night, weekends, etc.) (alternatively fcron?)
  • If you need localized fonts: xfonts-base-transcoded and xfonts-*dpi-transcoded
  • zip and unzip
  • mc (midnight commander console filemanager)
  • ssh-askpass (lets ssh use a graphical password prompt window when run under X)

Are the following actually needed? For what benefit? They are non-free anyway:

  • x-ttcidfont-conf (needed for the next)
  • msttcorefonts (to display some webpages and documents correctly)


  • Now some configuring:

To actually make use of the private user groups in debian you have to set the default to "umask 002" in /etc/login.defs, /etc/profile and other shell config files, or better: install libpam-umask and you can centrally set a real system wide default umask with a line like this in /etc/pam.d/common-session:

session    optional     pam_umask.so umask=002

(In this case don't forget to remove any umask lines from /etc/login.defs, /etc/profile etc.)

There is currently a bug (336214) in gdm which will prevent the umask settings above from working if you are using gdm (the Debian default) as your login manager. To work around this bug, edit /etc/gdm/Xsession and add the line

umask 002

just after the line containing "Beginning session setup..."

The central settings for KDE in /etc/kde3 could also need some tweaking:

  • set CUPS as default printing system (Put the following into /etc/kde3/kdeprintrc)

  ["General"]
  PrintSystem=cups
  • If you like, make $HOME to be your Desktop for consistency. (Put the following into /etc/kde3/kdeglobals)

   ["Paths"]
   Desktop=$HOME
   Trash=$HOME/Trash/
  • If you need particular KDE system defaults like proxy, javascript and cookie policy etc., set them in the same way, too. http://www.kde.org/areas/sysadmin has more info about the configuration files, including making settings immutable to users.

...have fun! And if you encounter bugs search the net, if the bug is not already filed, find the appropriate package and the file a bug against it, if it concerns Debian simply use the "reportbug" utility for that.

Troubleshooting

For manual setup of the graphic you can use dpkg-reconfigure xserver-xfree86.

An alternative automatic configuration of the x-server is to install xdebconfigurator, run it, and then dexconf to generate a valid ?XF86config.

Things that have already been integrated

  • autoconfiguration of the xserver